SMTP AUTH not subjected to unnecessary check?
in [Postfix]
|
Prev: PATCH reject_rhsbl_reverse_client
Next: Postfix Configuration to Allow Other Network Systems to relay through It
From: mouss on 4 Mar 2010 19:29 Voytek Eymont a �crit : > I have Postfix with SMTP AUTH with self issued certificate, it all works > well (as long as I don't touch it..) > > I have now "allowed" some users to use SMTP AUTH, but, some of their mail > then gets evaluated as 'spam' by amavisd/spamassasin scores, amongst > these, 'dynamic ip' type scores > > am I correctly exempting SMTP AUTH users from unnecessary anti-spam evals > such as 'dynamic ip' 'direct access to smpt host' type of evals ? > > or is this something I need to in amavisd/spamassasin ? > > in other words, is my postfix setup correct ? and, optimal ? > there is no evidence in your config that auth'ed mail gets a different ticket than other mail. the recommended way is to enable "submission" (port 587) and configure clients to use this port. This will be more and more common, and if you get here in a few years, this will be the only recommendation, because there is no point to complicate things when you can do it simply... now, you can still use check_* and return a FILTER statement. in any case, either skip amavisd-new (with content_filter or FILTER) or configure amavisd-new to listen to multiple ports, one of which doesn't do spam filtering. Google or other will bring more details. > [snip]
From: "Voytek Eymont" on 4 Mar 2010 20:07 On Fri, March 5, 2010 11:29 am, mouss wrote: > Voytek Eymont a �crit : > > there is no evidence in your config that auth'ed mail gets a different > ticket than other mail. > > the recommended way is to enable "submission" (port 587) and configure > clients to use this port. This will be more and more common, and if you > get here in a few years, this will be the only recommendation, because > there is no point to complicate things when you can do it simply... Mouss, but I enabled 'submission' and use port 587 for SMTP AUTH, and, am I missing something? from master.cf ... submission inet n - n - - smtpd -o smtpd_tls_security_levels=encrypt -o smtpd_sasl_auth_enable=yes ... -- Voytek
From: Charles Marcus on 5 Mar 2010 06:23 On 2010-03-04 8:07 PM, Voytek Eymont wrote: > but I enabled 'submission' and use port 587 for SMTP AUTH, and, am I > missing something? Here's mine: submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_tls_auth_only=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -- Best regards, Charles
From: Magnus =?iso-8859-1?Q?B=E4ck?= on 6 Mar 2010 04:02 On Friday, March 05, 2010 at 00:16 CET, Voytek Eymont <lists(a)sbt.net.au> wrote: > I have Postfix with SMTP AUTH with self issued certificate, it all > works well (as long as I don't touch it..) SMTP authentication has nothing to do with self-signed certificates. > I have now "allowed" some users to use SMTP AUTH, but, some of their > mail then gets evaluated as 'spam' by amavisd/spamassasin scores, > amongst these, 'dynamic ip' type scores > > am I correctly exempting SMTP AUTH users from unnecessary anti-spam > evals such as 'dynamic ip' 'direct access to smpt host' type of evals > ? > > or is this something I need to in amavisd/spamassasin ? There is no configuration in Postfix to affect the operation of external antispam tools. If you want them to treat certain messages differently you should look into their configuration. [...] -- Magnus B�ck magnus(a)dsek.lth.se
From: mouss on 6 Mar 2010 05:49
Voytek Eymont a �crit : > On Fri, March 5, 2010 11:29 am, mouss wrote: >> Voytek Eymont a �crit : > >> there is no evidence in your config that auth'ed mail gets a different >> ticket than other mail. >> >> the recommended way is to enable "submission" (port 587) and configure >> clients to use this port. This will be more and more common, and if you >> get here in a few years, this will be the only recommendation, because >> there is no point to complicate things when you can do it simply... > > Mouss, > > but I enabled 'submission' and use port 587 for SMTP AUTH, and, am I > missing something? > > from master.cf > .. > submission inet n - n - - smtpd > -o smtpd_tls_security_levels=encrypt -o smtpd_sasl_auth_enable=yes > .. > > > > you need something like -o content_filter=smtp-amavis:[127.0.0.1]:10586 _after_ you have configured amavis to listen on port 10586 and configured it to skip spam filtering on this port. This part is specific to amavisd-new. you need to look at its docs. you can also try Gary's page: http://www200.pair.com/mecham/spam/bypassing.html |